agenttesla | 9861e73d0befeb0d63095efb1d5b57a9719f962c9ef6d0cebbf7a66159e1cd49 | Triage

Submit
Reports

Overview

overview

Static

static

3

DOC8558388...21.exe

windows7-x64

DOC8558388...21.exe

windows10-2004-x64

Sharing

General

Target

28c5f206ecbde46390bb8afe47fff7a7_JaffaCakes118
Size

1.8MB
Sample

241009-cchesawajc
MD5

28c5f206ecbde46390bb8afe47fff7a7
SHA1

6d1659ee8e8162135dcbb7e592e11943b4c0d65f
SHA256

9861e73d0befeb0d63095efb1d5b57a9719f962c9ef6d0cebbf7a66159e1cd49
SHA512

a22eadb610e365cbc65ddd7407239376eefb25b6251289a0c99d28e8c2ebd8ac82ee7c56693d3647631dd1fb94b959f9bf1553509d1c83a0b42e778e3c57c5ae
SSDEEP

24576:a+EF798nDNkpLeCoeNbk+0ioO4A8XHiuvT1U9m1hlSmvpduchqbmkDSAf:GAxIZNbt8bMehDTXvVG

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DOC8558388_AUGUST2021.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOC8558388_AUGUST2021.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.rdnsanom.xyz
Port:
587
Username:
[email protected]
Password:
j!P2f~oad_G7
Email To:
[email protected]

Targets

- Target
  
  DOC8558388_AUGUST2021.exe
- Size
  
  1.3MB
- MD5
  
  fe1e7c4a720c5aabdff8b5134ff25292
- SHA1
  
  3b512edaf968cfc824a73eee98a841bf893cbe99
- SHA256
  
  64186ecb7905dcf865a55113e959199d17479cbe9a538669b4f4d356b194dbfc
- SHA512
  
  8fdfc7bf5f8958a65b6485583d0a05fed35c9c791522d100f870a35eeefe3fea65649293d3d60a36037311004b294ca7dba182eac6331981aa60bfd31d2de04b
- SSDEEP
  
  24576:vQRK0rxB/HOIThNN7Mtqk8RbZZS5R0DlhuCO:v2BtThXEc3Bb0
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy